JDK-6867345 : Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u14
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2009-07-31
  • Updated: 2011-03-07
  • Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7 b105Fixed
Related Reports
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

EXTRA RELEVANT SYSTEM CONFIGURATION :
Turkish regional options (under regional settings control panel)

A DESCRIPTION OF THE PROBLEM :
I tried to create instance of javax.crypto.EncryptedPrivateKeyInfo class on machine with Turkish regional options, i.e. Locale.getDefault() gives TR locale.
and the constructor fails with NullPointerexception originating from
sun.security.x509.AlgorithmId.algOID()
If regional options are changed to English, the attached code runs without any exception.
I assume that the problem has something to do with string manipulations that do not take into account the locale, like String.startsWith()
see steps to reproduce.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
run the source code

ACTUAL -

java.lang.NullPointerException
	at sun.security.x509.AlgorithmId.algOID(AlgorithmId.java:551)
	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:417)
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(DashoA13*..)
	at TestTest.main(TestTest.java:63)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
public static void main(String[] args) {
                char[] password = "somepass".toCharArray();
        PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
        byte[] salt = new byte[8];

        new SecureRandom().nextBytes(salt);

        try {
            PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 500);

            // convert password into a SecretKey object, using a PBE key factory.
            SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWITHMD5ANDDES");
            SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

            // Create PBE Cipher
            Cipher pbeCipher = Cipher.getInstance("PBEWITHMD5ANDDES");

            // Initialize PBE Cipher with key and parameters
            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

            byte[] encryptedPrivKey = pbeCipher.doFinal(new byte[]{1,2,3,4,5,6,7,8,9});

            AlgorithmParameters algo = AlgorithmParameters.getInstance("PBEWITHMD5ANDDES");

            algo.init(pbeParamSpec);

            EncryptedPrivateKeyInfo result = new EncryptedPrivateKeyInfo(algo, encryptedPrivKey);


        } catch (Exception failed) {

            failed.printStackTrace();
        }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
set the locale to US_en in JVM parameters
(-Duser.country=US -Duser.language=en)

Comments
EVALUATION In Turkish, "Alias".toUpperCase() is not "ALIAS".
2009-08-04